On 04/20/10 08:27 AM, Mark Phalan wrote:
On Tue, 2010-04-20 at 08:14 -0700, Garrett D'Amore wrote:
This all looks pretty good. I'd like to see an actual list of the mdb
macros and DTrace probes that have been proposed.
Expect more cases exposing the Dtrace probes (soon) and MDB macros
(later).
Furthermore, I'd like
some independent analysis from the project team (if possible) to confirm
that the new debugging enhancements can't result in leakage of sensitive
data -- whether keys (session or long term), passwords, or anything
which could be use to subvert a session or recover other sensitive
information. (I'm not doubting that the project team "did the right
thing" here -- I'd just feel better if such changes were reviewed by
other kerberos experts as an independent audit -- if this has not
already been done. (I realize that this recommendation is not
necessarily architectural -- still the sensitive nature of the software
in question merits this extra step, IMO. Also, while code review should
also be done as for any project, this independent review I'm talking
about need only consider the soundness of the interfaces and need not
delve into their implementation, IMO.)
I think that this concern can be followed up in the cases which will
introduce the probes and macros.
Ok, so then the specification for those are *not* part of this case, and
I'm happy with the remaining portions. (Exposing the existing logging
interface, and noting the change to make krb-diag work on the S7000.)
With that in mind, +1. Note however that my +1 specifically excludes
the various enhancements to mdb and dtrace (other than the principle
that having such would be good), until either they are specified by
additional case work or details are included here.
- Garrett
_______________________________________________
opensolaris-arc mailing list
[email protected]
